Discussion in 'privacy general' started by mood, Aug 25, 2019.
I want to ask. Did you try uBO on default or with dynamic filtering enabled?
I am using both - NoScript and uBlock Origin. NoScript for XSS, CSRF and ClearClick protection (no ABE support in Quantum unfortunately) and uBlock for anything else (blocking stuff, nocoin and other lists, Element Picker Mode, blocking pop-ups etc.). It is a great combo. Maybe it is overkill for most users, but I like it the way it is. In the past I used uMatrix, Request Policy and other similar extensions as well and they worked great as well but I moved on.
Not sure, but that was one of the things I didn't like about uBO. By the time I figured all that out it was just as easy for me to use NS.
If you know how XSS, CSRF, & CJ work you'll find uBO alone can block all of them if and only if used properly. Actually you can prevent all of them w/out any addon. But if you don't know and don't behave accordingly (it's not about making strict rules - strictness is not much relevant to these attacks), I'm sorry but it's theoretically possible you get to be the victim of XSS or CSRF despite your said overkill protection tho the likelihood is low (ofc I know how XSS Auditor works). Knowledge is the first-line defence, not products.
It's too sad NSQ dropped ABE - I once played with it, it was the most advanced tool in the NS which had infinite potential.
While there're many papers about various ad-blocker's efficiency such as this, this, this, this, & this, I could find only a few articles about filters. But they seem to agree on what I've been feeling. The one reveals the pathetic state of EasyList. https://arxiv.org/pdf/1810.09160.pdf
It's no hype - if you utilize uBO's stats feature, you'll see only a handful of rules block most of ads/trackers. So never think more rules means more blockage. Domain-based rules used in Disconnect/Ghostery will be easier to manage, I guess this may explain why they seldom make FPs - but hosts files tend to be FP-prone, presumably because most of them are managed by individuals.
The other https://arxiv.org/pdf/1906.00166.pdf examined how many days were spent for various lists to block new ads/trackers and how many days before ads/trackers emerge first time the lists could block them by proactive rules. Tho I'm not sure what exactly filter they meant by "AdGuard", basically the results agree on my observation that AG is much faster to react, while EL/EP is much more proactive by their aggressive generic rules which also are the cause of FPs and lead to many exception rules being made for them (often 4 - 10+ exceptions are made for an aggressive rule, contributing to such an extraordinary # of rules). What was surprising to me was domain-based lists like hphosts & MVPS also blocked many of ads/trackers proactively, tho they're quite slow to react.
Also the 3rd paper in the initial links is interesting in that blocking ads/trackers leads many sites to introduce alternative contents that won't be blocked by default setting of them (in uBO case, somehow it was Twitter widgets).
I'll finish my comments w/ notion of this paper: http://paginaspersonales.deusto.es/isantos/papers/2018/2018-sanchez-rola-dimva-knocking.pdf
Easy-to-everyone slides: http://paginaspersonales.deusto.es/isantos/papers/2018/2018-sanchez-rola-dimva-knocking-slides.pdf
According to the author, 90.7% of the websites with scripts used unknown tracking & most of them (73.8%) were embedded in the HTML, bypassing current blacklisting solutions such as EP & Ghostery. Even for known ones they only blocked 64.7% of the scripts even when they're combined. One reason is script renaming where blacklisting could only block 43.8% of the known scripts due to it.
They also mentioned fingerprinting-driven malware they found in-the-wild that abuses fingerprinting such as browsers, plugins, AVs etc., which was previously reported by Malwarebytes.
So it appears that in contrast to a belief that blacklisting tools would block most of trackers, the truth may be they miss most of trackers. Ofc the thing is if you care about it -- I personally don't take them as much of privacy invasion (at least by themselves), but do as more of resource abuse particularly in mobile devices.
The results also suggest uBO w/ medium mode is still far from perfect - tho it'll still be better than adding BLs such as Enhanced Trackers List (... and, again, most parts of the list is not sth you may infer from its description)
(Sorry for mod for troubling)
@142395 : Admittedly, I haven't read every word in those studies. Nevertheless, some thoughts about them:
1. That only a small number of the rules in EasyList is used by most users is certainly true. However, that first study used a sample of just 10,000 websites which is a tiny fraction of all available sites in the WWW. The fact that you won't come across most of those sites doesn't make those rules necessarily worthless as everybody's surfing habits are different. Besides, @gorhill has repeatedly said that adding more rules or filterlists has no detrimental effects on uBO's performance. Hence, I don't consider the large number of rarely used filters a very big problem.
2. I had seen the study mentioned in your last post before but unfortunately right now it doesn't load for me. AFAIR, they only analyzed the effectiveness of EasyPrivacy and other anti-tracking lists - but without EasyList. That's problematic as EasyPrivacy has always been an additional list (which isn't even enabled by default in AdBlock Plus for some inexplicable reason) while EasyList alone blocks a lot of tracking. Both lists in combination would have certainly led to a better result. Besides, I seem to remember that that study does not properly distinguish between first-party and third-party scripts. And since I'm convinced that the vast majority of tracking scripts is still third-party, uBO's medium mode is highly effective.
1. It's possible that in the future tracking is done more first-party (partially because of the recently enabled tracking protection in Firefox). But inline script filtering and HTML filtering should be able to deal with that. Moreover, my current approach is that I block all (not only 3rd-party) cookies by choosing "Instantly" in Forget-Me-Not as the default (which is not offered by other cookie managers, AFAIK) and "on Leave" for most other cases where cookies are necessary.
2. Additionally, to prevent tracking across websites I'm using First-Party Isolation (also known as Cross-Origin Identifier Unlinkability in the Tor browser).
3. How to mitigate fingerprinting is debatable. Here's a more thorough discussion.
4. You can still be tracked by your IP address. I don't know how relevant that is today as most non-commercial internet users get a dynamic IP address from their providers. You can use Tor or a VPN to cover this.
Thx, very appreciated.
1. Sure, more thorough study will be required while we have ELLite & AdGuard's optimized filters. And as you said, thousands of network rules don't cause slowdown for uBO. What can potentially cause slowdown is tons of cosmetic filters and disabling generic cosmetic filter solves the issue. However, if you use AdGuard for mobile, in particular on Android, you'll find noticeable delay and moreover, battery life is significantly different. I found a solution, as I don't allow MITM, I just let it do domain-level blocking only w/ Simplified Domain Name filter and a few others.
However, the problem of deprecated rules is not just about that. As described in a paper posted in your thread, ad companies seem to be abusing deprecated exception rules to deliver ads/trackers, and it took 8 months for EL to patch the hole for the example. @gorhill also appears to be not very happy about many exception rules added for AAB despite his blocker doesn't need to rely on exception, and this is why I don't like widely-misunderstood AB Warning Removal & misnamed Enhanced Tracking Protection list. I'll come back this matter later.
2. Yes, if EL was added then the results were bit different, but not sure if it exceeded the combined results of EP & Ghostery. Another paper posted on that thread showed Ghostery is more efficient than either EL or EP alone, and several papers showed the combined results of uBO default filters are similar to Ghostery's one AFA tracking is concerned, tho some of the papers have limitation of domain-level testing. Paper  also guarantees trackers blocked by uBO and by Ghostery do not fully overlap.
The authors are aware of 1st/3rd-party distinction and separately listed them in tracker classification, but didn't distinguish for blocking results. You know, most ppl solely rely on blacklists. But # of 1st-party tracker was non-negligible and there're even websites recommending to move analytics to 1st-party. I've also found some tracking scripts come in from whitelisted domains such as yimg.com, not to mention beacons (img). Ofc I'm aware of URL filtering but that's too much for me to manage.
I was relatively confident about my setup until I've investigated my browser activity and read these papers, but no more. You may see many blocking in the logger, but web pages may have just switched their content when they detected blocking, as mentioned in . The bottom line appears to be: if you wanna confident for blocking "most of trackers", medium mode may be just a minimum requirement - hard mode or uMatrix (or NS, RPC, etc.) on Firefox is recommended, preferably combined w/ network-level blocking to avoid the added exception problem. One deprecated or too permissive rule like @@||example.com/ads/ ruins all other blockings such as ||example.com^, /ads/*, etc., this is a reason one should be careful about adding a filter, but if example.com is blocked on network level you're safe. The problem is, not everyone can manage such a system like you.
Yes, but that isn't really a problem for uBO as it does it different than, e.g. ABP.
Yes, that's certainly true. Although I wouldn't recommend Noscript as it basically blocks scripts and is therefore not comparable with uBO's hard mode or uMatrix (which block all related network requests).
At least if you're using a Chromium-based browser. In this context it should also be noted that hosts files are rather inefficient if it comes to blocking. Notable examples are doubleclick.net or 302br.net which use thousands of sub-domains each. If they are not all included in your hosts file the protection is incomplete. A solution that makes sure that all sub-domains are blocked as well if you block the respective domain is much better - this is how it works with dnsmasq, unbound or dnscrypt-proxy.
Yes, that's why Dynamic Filtering in uBO (or uM) is definitely the superior solution.
On the other hand those papers probably only used the default lists in the respective blockers. If you enable those other lists readily available in uBO the blocking result should significantly improve.
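The sub-domain gap described in the post above, as an added example that is not part of any post in the thread: it compares exact-match (hosts file) lookups with label-wise suffix matching, the behaviour the post attributes to dnsmasq, unbound and dnscrypt-proxy. The sample list, the sub-domain names and all function names are constructed for illustration.

```python
# Constructed hosts-format blocklist; the sub-domain names are illustrative only.
HOSTS_TEXT = """\
# sample list
0.0.0.0 doubleclick.net
0.0.0.0 ad.doubleclick.net   # inline comment
0.0.0.0 stats.g.doubleclick.net
127.0.0.1 localhost
"""
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def normalize(name):
    return name.lower().rstrip(".")

def parse_hosts(text):
    """Return the set of blocked names from hosts-format text."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:          # fields[0] is the sink address
            name = normalize(name)
            if name and name not in LOCAL_NAMES:
                names.add(name)
    return names

def hosts_blocks(qname, entries):
    """Hosts-file semantics: only an exact name match is blocked."""
    return normalize(qname) in entries

def suffix_blocks(qname, domains):
    """Resolver-style semantics: a listed domain also covers its sub-domains.
    Matching is done on whole labels, so notdoubleclick.net is not covered."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def collapse(domains):
    """Drop entries already covered by a listed parent domain."""
    kept = set()
    for d in sorted(domains, key=lambda d: d.count(".")):
        if not suffix_blocks(d, kept):
            kept.add(d)
    return kept

def coverage(queries, entries):
    """Map each query name to (blocked by hosts file, blocked by suffix match)."""
    return {q: (hosts_blocks(q, entries), suffix_blocks(q, entries)) for q in queries}

if __name__ == "__main__":
    entries = parse_hosts(HOSTS_TEXT)
    queries = ["ad.doubleclick.net", "pubads.g.doubleclick.net", "notdoubleclick.net"]
    for q, (h, s) in coverage(queries, entries).items():
        print(f"{q:28} hosts={h!s:5} suffix={s}")
    print("collapsed list:", sorted(collapse(entries)))
```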
I have found the best solution for me is a multi-layer defense:
I use a firewall software called xSOS firewall https://www.xsossoftware.com/en/internet-privacy/ and the needed IP database, with it I can run traces on websites, see where they are connecting to and blanket block known trackers sites and data leechers, I have blanket blocked all of facebook for example, I don't use it yet many sites will connect you to it regardless. It takes a while to research all the connections build your list but once you do a large percentage of the tracker/data leecher problem is dealt with up front.
I use Adguard Desktop with its filters as a second layer, for anything the firewall misses.
The third layer is running my browsers in Sandboxie setup to auto-delete anything I accumulated during my browsing session at browser shut down, then just restart the browser often to flush any trackers that slip through the cracks.
Old NS could block many more than script, IDK about 5.x tho.
Agreed on hosts part, but I think even when you use Firefox, still combining network-level blocking will be better to nullify ill-effect of deprecated whitelist - just my 2 cents.
Actually some papers examined different filter sets, especially one used all default-available filters on uBO. Especially informative were some distinguished not-blocked and allowed (exception) for each filter or filter sets.
FWIW, I've abandoned Pi-hole recently and switched to dnscrypt-proxy which offers good filtering abilities and is easier to maintain than Pi-hole running on a Raspberry Pi. I'm combining some filterlists with a script which runs once per day. The generated blacklist has about 170,000 entries - most of them domains. In order to block the corresponding sub-domains a hosts file would have to include probably a multitude of entries.
I see, thanks. This confirms once more that Dynamic Filtering (or uMatrix) is the way to go.
In everyday use, using TOR or a VPN is excessive.
Also to hide the IP.
I prefer to create confusion.
I insert a test to refine your settings in privacy:
Yes, I know that site. However, if creating confusion or hiding in the crowd is the better solution is debatable. And there is still the IP address which can be used to identify you. Granted, as a private user you probably get a dynamic IP - but still ...
As you can see in the image I have not used the private navigation window.
Wilders members know my location because I wrote it under my avatar:
Yet the website reports as "your location" = a city of France.
And every time I connect to the internet this fictitious city changes:
I'm not sure that I understand. My impression from your previous post was that you do not use Tor or a VPN. So how do you hide your location?
Regarding creating confusion: Please visit https://www.deviceinfo.me/ . I tried it with several user-agent switchers. But that site always recognized the "True Browser Core" as Firefox even when the "Browser" was reported as, e.g., Edge or whatever. This also applies to "Operating System" and "True Operating System Core". So this is an inconsistency which makes you unique and, hence, trackable. It might be more prudent to set privacy.resistFingerprinting = true
The use of Noscript, obviously with non-default settings, allows me to prevent the retrieval of the information you mention for the website of the link.
Not counting the warnings.
It is not certain that every item is not spoofed.
I'm not interested in spoofing OS, Browser ....... but you can easily do that.
I cannot answer the first question so as not to endanger my precious privacy.
Also because the most widespread use of Tor or VPN is known to all.
It is not necessary to know the personal method I use.
Yes, by blocking scripts. But since scripts are required on many sites the interesting question is how to do it in those cases, of course.
Yes, it's not necessary. A method that only works for you is worthless and probably not bullet-proof if revealing at least some general details endanger your privacy.